China’s National Vulnerability Database (NVDB), a government-run cybersecurity platform operating under the Ministry of Industry and Information Technology, has issued an official warning claiming that Anthropic’s AI developer tool, Claude Code, contains embedded “security backdoor risks.”
According to Chinese authorities, specific versions of the tool can quietly transmit highly sensitive user data—including geographic locations, proxy configurations, and identity-related identifiers—to remote external servers without user knowledge or consent.
Key Details of the Vulnerability Report
-
Affected Versions: The security alert specifically flags Claude Code versions 2.1.91 through 2.1.196, which encompasses releases deployed between April 2 and June 29.
-
The Official Mandate: The NVDB has classified the mechanism as a “severe threat,” advising Chinese institutions, enterprise networks, and individual developers to thoroughly audit their development environments and immediately uninstall the flagged versions or upgrade to the latest secure build (version 2.1.204 or higher).
Anthropic Counters: An Anti-Abuse and Anti-Distillation Measure
Anthropic has openly defended the code, stating that the mechanism is not a malicious backdoor but rather a standard, experimental fraud and anti-abuse framework deployed earlier this year.
According to statements from Anthropic engineers, the telemetry was specifically engineered to:
-
Block Unauthorized Resellers: Catch illicit third-party vendors selling access to Claude services within unsupported regions.
-
Prevent Model Distillation: Block adversarial AI labs from systematically scraping Claude Code’s outputs to train, refine, or “distill” competing indigenous models.
Anthropic further noted that its AI services are explicitly restricted in China due to compliance and national security regulations, adding that “the users being advised to uninstall Claude Code were never permitted to run it in the first place.” Despite these restrictions, the tool remains highly popular among Chinese engineers who circumvent blocks using overseas VPNs and corporate proxies.
Corporate Fallout and Escalating AI Friction
The dispute highlights a deepening tit-for-tat dynamic in the global AI race. In June, Anthropic formally accused Chinese e-commerce and cloud giant Alibaba of orchestrating a massive model distillation campaign using roughly 25,000 fraudulent accounts to extract data over tens of millions of interactions.
Following reverse-engineering reports circulating on technical forums like Reddit—which revealed the tool used obfuscated checks to flag Chinese corporate networks—Alibaba blacklisted Claude Code across its corporate infrastructure, mandating that employees transition entirely to its proprietary coding assistant, Qoder.

